CN112822184B - Unsupervised autonomous attack detection method in endogenous security system - Google Patents
- Publication number
- CN112822184B
- Authority
- CN
- China
- Prior art keywords
- node
- sensor
- graph
- module
- nodes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Abstract
The invention discloses an unsupervised autonomous attack detection method in an endogenous security system. The method constructs a dynamic graph model of the nodes and logical relations in a target network, encodes the graph model into hidden vectors, initializes a subgraph and each node based on the hidden vectors, generates edges between the nodes through the two strategies of node selection and node expansion, and repeats these steps until decoding and reconstruction are finished. The reconstruction accuracy is then calculated; if it is smaller than a threshold value, the target network is judged to be attacked, in which case the attacked area is located by graph matching and the judgment result is returned.
Description
Technical Field
The invention relates to the technical field of computer network communication, in particular to an unsupervised autonomous attack detection method in an endogenous security system.
Background
Traditional security defenses are usually developed independently in specific fields such as anti-malware, network traffic anomaly detection, network security operations, and system security assessment. The endogenous security system approaches the problem from the perspective of bionics and builds the endogenous security of an information system on the model of a biological nervous system. Unlike existing intelligent security research, "endogenous security" fuses a human-body bionic system, immunity, artificial intelligence and a mobile communication network: a massive number of sensors are deployed following the distributed sensing characteristic of the human nervous system, changes in each part of the system are monitored in real time, a brain-like security center is constructed using artificial intelligence methods, and decisions are made from the aggregated information, so that external intrusion is reasonably controlled and internal intrusion is met with immune-type defense. Sensing deployment that imitates the body's network, learning and decision-making that imitate the human brain, moderate counteraction of external intrusion, and marking of and defense against internal intrusion together form an endogenous security mechanism based on bionic immunity. Following the concept of bionic immunity, this addresses basic theoretical problems such as constructing a bionic immune system highly fused with the information system, designing a distributed fine-grained threat sensing and countering mechanism, designing a multilayer transmission network fused in parallel with the information system, establishing an access control mechanism that cannot be duplicated, and constructing a security center with learning, processing and decision-making capabilities using artificial intelligence methods.
In an endogenous security system, one of the key links is autonomous attack detection, which realizes attack identification and problem localization within each independent security region. However, new attacks keep emerging on the network, and they are more covert and intelligent than previous attacks. Traditional methods based on feature matching cannot cope with increasingly complex attack techniques, so many researchers use machine learning algorithms for attack detection. Most existing machine-learning-based attack detection, however, uses supervised learning and needs a large amount of attack data as prior knowledge to learn a model, which causes two serious problems: 1. manually labeling data consumes a great deal of time and energy, and the quality of the labels cannot be guaranteed; 2. a supervised method trains its model on attack data, but in practice attack techniques are endless, and if a new attack does not appear in the training data the supervised method may fail to detect it. The invention therefore provides an unsupervised autonomous attack detection technique for an endogenous security system, which needs no prior knowledge of attack data and realizes attack identification and localization in the endogenous security system by self-learning the network state under normal conditions.
Disclosure of Invention
The invention aims to provide an unsupervised autonomous attack detection method in an endogenous security system that overcomes the defects of the prior art and solves the problems that traditional feature-matching methods have a low recognition rate and that machine-learning methods lack reliable pre-annotated data and cannot cope with unknown attacks.
The purpose of the invention can be realized by the following technical scheme:
An unsupervised autonomous attack detection method in an endogenous security system, comprising the steps of:
S1, acquiring data from the massive number of sensors in the endogenous security system;
S2, constructing a dynamic graph model based on nodes and logical relations in the target network, wherein each node in the graph comprises a node attribute feature, and each logical relation comprises a relation attribute feature; the attribute graph variational autoencoder comprises two modules: an encoder and a generator. Anomalies on the graph are detected from changes of the node attributes in the attribute graph model and changes of the edges between the nodes, and anomalies of the target network are detected based on the anomalies of the graph;
S3, the graph encoder module encodes the graph model into a hidden vector, so as to capture the structure information of the graph and the attribute features of the nodes; the decoder comprises three stages: initialization, node updating and attribute graph reconstruction;
S4, the graph decoder initializes the representation vector of each node in the attribute graph to a hidden vector and selects one node as the initial subgraph;
S5, selecting a target node based on the subgraph, updating the subgraph, and iteratively updating the representation vector of each node in the subgraph to generate a new representation vector; edges between nodes are continuously generated through the two strategies of node selection and node expansion, wherein in each step a node is first selected from a queue, whether an edge exists between that node and the other nodes is judged, and the process is repeated until the attribute graph is constructed;
S6, calculating a loss function; the graph variational autoencoder model is trained using only normal data, the reconstruction probability of the normal graph model is calculated, the reconstruction accuracy P is calculated, and the target network is judged to be attacked if the reconstruction accuracy P is smaller than a threshold T;
S7, when the network is judged to be attacked, locating the attacked area by graph matching and returning the judgment result.
Further, the detection method realizes attack detection and localization by first self-learning the network state under normal conditions.
Further, the sensor types corresponding to step S1 include one or more of a network flow sensor, a file access sensor, an upload and download sensor, a website access sensor, a mail monitoring sensor, a program monitoring sensor, an electric quantity consumption sensor, a CPU temperature sensor, a log sensor, and a memory usage sensor.
Further, the node attribute in step S2 includes one or more of duration, byte number, packet content, source computer, source port, destination computer, destination port, protocol, file access record, upload/download record, web page access, mail access, program monitoring, power consumption record, CPU temperature change record, log access record, log content, and memory usage record.
Further, the sub-graph update in step S5 includes a sub-graph node update and a node representation vector update.
Further, the updating of the subgraph nodes one by one in step S5 is completed by two functions: target selection and neighbor expansion. Target selection picks the target node to be visited, and neighbor expansion picks the edges to be added from the target node. The target selection function inserts all nodes into a queue according to a breadth-first traversal; the neighbor expansion function selects neighbors for the target node according to the whole-graph information and the information of each node, and updates the queue.
Further, in the step S5, the representation vector of the node is updated by sequentially traversing each node according to a breadth-first traversal manner and updating the representation vector of the node.
Further, the attribute graph generation method in step S5 adopts a teacher-forcing learning method: after the prediction at each step, the predicted values are replaced with the real nodes and attributes of the attribute graph, so that each step of the graph model makes predictions according to the correct history.
Further, in the step S6, the normal data is used to train the model and determine the threshold T, and for the unknown graph model, if the reconstruction accuracy is lower than the threshold T, it is determined that the graph model is attacked.
An unsupervised autonomous attack detection device in an endogenous security system comprises a data acquisition and distribution module, a data analysis module, an attribute graph construction module, a decision-making judgment module and a cooperative processing module.
The data acquisition and distribution module is used for identifying data transmitted by external equipment and distributing the data to the target processing unit, the whole data acquisition process is located in a safe area, and information triggering, exchange and multilayer conduction are carried out through a mass sensor.
The mass sensor comprises one or more of a network flow sensor, a file access sensor, an uploading and downloading sensor, a website access sensor, an email monitoring sensor, a program monitoring sensor, an electric quantity consumption sensor, a CPU temperature sensor, a log sensor and a memory occupation sensor.
The data analysis module is used for analyzing the operation result data output by the target processing unit and generating unique data characteristics.
The attribute graph building module comprises an encoder module, a generator module and a decoder module, and the decoder module comprises an initialization module, a node updating module, an intelligent decision module and an attribute graph reconstruction module; and the intelligent decision module is used for performing mimicry decision on the data characteristics of the nodes by the mimicry decision strategy.
The decision-making module is used for judging the attacked condition, positioning the attacked area in a graph matching mode and returning a judgment result.
The cooperative processing module is used for cooperative processing of decision making and is used for processing data after decision making and sending the data to external equipment, and the monitoring processor monitors feedback information in real time.
The invention has the beneficial effects that:
1. The autonomous attack detection method constructs the relevant nodes in a target network into an attribute graph model and provides a graph variational autoencoder model for detecting whether attack behaviors exist in the network. Compared with the traditional feature matching method, it does not need manually defined features and has strong sensing, judgment and self-adaptive capabilities; compared with existing machine learning and deep learning methods, it does not need a pre-annotated abnormal data set, which solves the problem of lacking reliable pre-annotated data sets;
2. The autonomous attack detection method realizes attack detection by modeling the normal network structure, and solves the problem that unlabeled abnormal behaviors are difficult to detect with label-based machine learning methods.
Drawings
The invention will be further described with reference to the accompanying drawings.
FIG. 1 is a schematic overview of the endogenous security architecture of the present invention;
FIG. 2 is a schematic diagram showing the relationship between the detection method and other modules of the endogenous security system according to the present invention;
FIG. 3 is a flow chart of the overall implementation of the detection method of the present invention;
FIG. 4 is a flowchart of an implementation of the attribute map reconstruction module in the detection method of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the unsupervised autonomous attack detection method in an endogenous security system, as shown in FIG. 1, an attack on a target node is carried out by applying a perturbation to a certain node on the graph, thereby changing some attribute features of the node.
As shown in FIG. 1, a change to the system structure is made by applying a perturbation to the overall structure of the graph, where perturbations of the graph structure include adding edges, removing edges, adding nodes, deleting nodes, and the like.
Given an attribute graph $G = (V, A, X)$, where $v \in V$ represents a node in the graph, $A \in \{0,1\}^{N \times M}$ is an adjacency matrix representing the neighboring relationship between vertices, $X \in \{0,1\}^{N \times D}$ is a feature matrix, and $x_v \in \{0,1\}^{D}$ is a $D$-dimensional feature vector representing node $v$.
As shown in FIG. 4, the detection model framework includes three modules: initialization, node updating and edge selection. For an adversarial sample $G_P$, the representation vector of each node in $G_P$ is first initialized to its feature attribute vector, i.e. the
For each stage $t$ of the graph generation in FIG. 4, the representation vector of each node in the graph is iteratively updated to generate a new representation vector. In the edge selection stage, edges between nodes are continuously generated through the two strategies of node selection and node expansion.
In each step of edge selection, the graph noise reduction model firstly selects a node in the queue, judges whether an edge exists between the node and other nodes, and repeats the process continuously until the graph construction is completed.
When a new graph is generated, its nodes are updated based on a graph convolutional network (GCN). Given a target node $i$ and its representation vector $h_i$, the single-layer forward propagation, which integrates the representation vectors of its neighbor nodes, is of the form:
where $\alpha_{ij} \in [0,1]$; 0 indicates that node $j$ is not a neighbor of node $i$, 1 indicates that $j$ is a neighbor of node $i$, $\alpha_{ij} = 1$; $w$ is a parameter that needs to be learned.
First, a node $v$ is selected from the queue, and then a node $u$ that has an edge with the selected node $v$ is selected. For every two nodes $u$ and $v$, a feature vector is constructed, wherein $d_{u,v}$ is the Euclidean distance between $v$ and $u$, and $H_t$ represents the global features of the graph, which are used to generate the distribution of candidate edges:
Here, $W_t$ and $U_t$ are parameters that need to be learned.
The loss between the original graph and the reconstructed graph includes two parts, attribute loss and structural loss, wherein the attribute loss is determined by calculating the L1 norm between the denoised sample and the original graph, and the structural loss is realized by maximizing the probability of restoring all edges.
Wherein, representing the true attributes and true edges of the nodes in the graph, respectively.
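As an added example (not part of the patent), the decision path of steps S4 to S7 can be run on a small constructed host graph. A per-edge frequency table learned from normal snapshots stands in for the trained graph variational autoencoder, only the structural part of the reconstruction is scored, and the host names, the `cutoff` value and all function names are assumptions of this example.

```python
from collections import deque
from itertools import combinations

# Constructed sample data: six hosts and the logical relations observed between them.
NODES = ["ws1", "ws2", "ws3", "web", "db", "mail"]


def E(*pairs):
    """Build an undirected edge set from 'a-b' strings (helper of this example)."""
    return {frozenset(p.split("-")) for p in pairs}


BASE = E("ws1-web", "ws2-web", "ws3-web", "web-db", "ws1-mail", "ws2-mail", "ws3-mail")
NORMAL = [BASE, BASE - E("ws3-mail"), BASE, BASE - E("ws1-web")]   # normal snapshots only
SUSPECT = BASE | E("ws2-db", "ws2-ws1", "ws2-ws3")                 # snapshot to be judged


def learn_edge_model(normal_graphs):
    """Stand-in for the trained model: how often each edge occurs in normal snapshots."""
    freq = {}
    for edges in normal_graphs:
        for edge in edges:
            freq[edge] = freq.get(edge, 0) + 1
    return {edge: count / len(normal_graphs) for edge, count in freq.items()}


def reconstruct(nodes, model, cutoff=0.5):
    """S4-S5: grow the graph from a one-node subgraph with a breadth-first queue.

    With this stand-in scorer the visiting order does not change the result; in the
    patent's model the node representation vectors are updated at every step.
    """
    rebuilt, visited = set(), set()
    for root in nodes:                       # re-seed so disconnected parts are covered
        if root in visited:
            continue
        visited.add(root)
        queue = deque([root])
        while queue:
            target = queue.popleft()         # target selection
            for other in nodes:              # neighbor expansion
                if other == target:
                    continue
                pair = frozenset((target, other))
                if model.get(pair, 0.0) >= cutoff:
                    rebuilt.add(pair)
                    if other not in visited:
                        visited.add(other)
                        queue.append(other)
    return rebuilt


def reconstruction_accuracy(nodes, observed, rebuilt):
    """S6: share of node pairs on which the observed graph and the reconstruction agree."""
    pairs = [frozenset(p) for p in combinations(nodes, 2)]
    return sum((p in observed) == (p in rebuilt) for p in pairs) / len(pairs)


def calibrate_threshold(nodes, normal_graphs, rebuilt):
    """Determine T from normal data only: the lowest accuracy a normal snapshot reached."""
    return min(reconstruction_accuracy(nodes, g, rebuilt) for g in normal_graphs)


def locate(observed, rebuilt):
    """S7: match the two graphs and rank nodes by the mismatched edges touching them."""
    hits = {}
    for pair in observed ^ rebuilt:
        for node in pair:
            hits[node] = hits.get(node, 0) + 1
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))


def detect(nodes, observed, model, threshold):
    """Return P, the attacked/not-attacked judgment, and the located area if attacked."""
    rebuilt = reconstruct(nodes, model)
    p = reconstruction_accuracy(nodes, observed, rebuilt)
    attacked = p < threshold
    return {"P": p, "attacked": attacked,
            "suspects": locate(observed, rebuilt) if attacked else []}


MODEL = learn_edge_model(NORMAL)
T = calibrate_threshold(NODES, NORMAL, reconstruct(NODES, MODEL))

if __name__ == "__main__":
    print("T =", round(T, 3))
    print("suspect:", detect(NODES, SUSPECT, MODEL, T))
    print("normal :", detect(NODES, NORMAL[1], MODEL, T))
```

Because T is taken as the lowest accuracy seen on normal data and the test is strictly P < T, none of the normal snapshots is flagged, while the suspect snapshot is flagged and `ws2` is ranked first in the located area.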
An unsupervised autonomous attack detection device in an endogenous security system comprises a data acquisition and distribution module, a data analysis module, an attribute graph construction module, a decision-making judgment module and a cooperative processing module.
The data acquisition and distribution module is used for identifying data transmitted by external equipment and distributing the data to the target processing unit, the whole data acquisition process is located in a safe area, and information triggering, exchange and multilayer transmission are carried out through a huge amount of sensors.
The mass sensors comprise a network flow sensor, a file access sensor, an uploading and downloading sensor, a website access sensor, a mail monitoring sensor, a program monitoring sensor, an electric quantity consumption sensor, a CPU temperature sensor, a log sensor and a memory occupation sensor.
And the data analysis module is used for analyzing the operation result data output by the target processing unit and generating unique data characteristics.
The attribute graph building module comprises an encoder module, a generator module and a decoder module, and the decoder module comprises an initialization module, a node updating module, an intelligent decision module and an attribute graph reconstruction module.
The intelligent decision module is used for performing mimicry decision on the data characteristics of the nodes by the mimicry decision strategy;
and the decision-making module is used for judging the attacked situation, positioning the attacked area in a graph matching mode and returning a judgment result.
And the cooperative processing module is used for cooperative processing of decision making and is used for processing data after decision making and sending the data to external equipment, and the monitoring processor monitors feedback information in real time.
In the description herein, references to the description of "one embodiment," "an example," "a specific example" or the like are intended to mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing shows and describes the general principles, essential features, and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed.
Claims (10)
1. An unsupervised autonomous attack detection method in an endogenous security system, the detection method comprising:
S1, acquiring data from the massive number of sensors in the endogenous security system;
S2, constructing a dynamic graph model based on nodes and logical relations in the target network, wherein each node in the graph comprises a node attribute feature, and each logical relation comprises a relation attribute feature;
S3, the graph encoder module encodes the graph model into a hidden vector;
S4, the graph decoder initializes the representation vector of each node in the attribute graph to a hidden vector and selects one node as the initial subgraph;
S5, selecting a target node based on the subgraph, updating the subgraph, and iteratively updating the representation vector of each node in the subgraph to generate a new representation vector; edges between nodes are continuously generated through the two strategies of node selection and node expansion, wherein in each step a node is first selected from a queue, whether an edge exists between that node and the other nodes is judged, and the process is repeated until the attribute graph is constructed;
S6, calculating a reconstruction accuracy P, and if the reconstruction accuracy P is smaller than a threshold value T, judging that the target network is attacked;
S7, when the network is judged to be attacked, locating the attacked area by graph matching and returning the judgment result.
2. The method of claim 1, wherein the method of detecting attacks is capable of detecting attacks and locating attacks by self-learning the network status in normal status.
3. The method according to claim 1, wherein the sensor types corresponding to step S1 include one or more of a network traffic sensor, a file access sensor, an upload/download sensor, a website access sensor, a mail monitoring sensor, a program monitoring sensor, a power consumption sensor, a CPU temperature sensor, a log sensor, and a memory usage sensor.
4. The method of claim 1, wherein the node attributes in step S2 include one or more of duration, number of bytes, packet content, source computer, source port, destination computer, destination port, protocol, file access record, upload/download record, web page access, mail access, program monitor, power consumption record, CPU temperature change record, log access record, log content, and memory usage record.
5. The method of claim 1, wherein the sub-graph update in step S5 comprises sub-graph node update and node representation vector update.
6. The method of claim 1, wherein the updating of each sub-graph node in step S5 is performed according to two functions: target selection and neighbor expansion; selecting a target node to be accessed through a target, selecting edges to be added from the target node through neighbor expansion, and inserting all nodes into a queue by a target selection function according to a breadth-first traversal method; and the neighbor expansion function selects neighbors for the target node according to the whole graph information and the information of each node, and updates the queue.
7. The method according to claim 1, wherein the updating of the expression vectors of the nodes in step S5 sequentially traverses the nodes and updates the expression vectors of the nodes according to a breadth-first traversal method.
8. The unsupervised autonomous attack detection method in an endogenous security system according to claim 1, wherein the attribute map generation method in the step S5 adopts a teacher-forcing learning method: after prediction at each step, the predicted values are replaced with the real nodes and attributes of the attribute graph, so that each step of the graph model makes predictions according to the correct history.
9. The method as claimed in claim 1, wherein the step S6 is performed by training a model with normal data and determining a threshold T, and for the unknown graph model, if the reconstruction accuracy is lower than the threshold T, the graph model is determined to be under attack.
10. An unsupervised autonomous attack detection apparatus in an endogenous security system, the unsupervised autonomous attack detection apparatus comprising one or more processors:
a memory for storing one or more programs;
when executed by one or more of said processors, cause the one or more processors to implement the unsupervised, autonomous attack detection method in an endogenous security system of any one of claims 1-9;
the detection device comprises a data acquisition and distribution module, a data analysis module, an attribute graph construction module, a decision-making judgment module and a cooperative processing module;
the data acquisition and distribution module is used for identifying data transmitted by external equipment and distributing the data to the target processing unit, the whole data acquisition process is positioned in a safe area, and information triggering, exchange and multilayer transmission are carried out through a huge sensor;
the mass sensor comprises one or more of a network flow sensor, a file access sensor, an uploading and downloading sensor, a website access sensor, an email monitoring sensor, a program monitoring sensor, an electric quantity consumption sensor, a CPU temperature sensor, a log sensor and a memory occupation sensor;
the data analysis module is used for analyzing the operation result data output by the target processing unit and generating unique data characteristics;
the attribute graph building module comprises an encoder module, a generator module and a decoder module, and the decoder module comprises an initialization module, a node updating module, an intelligent decision module and an attribute graph reconstruction module; the intelligent decision module is used for performing mimicry decision on the data characteristics of the nodes by the mimicry decision strategy;
the decision-making module is used for determining the attacked condition, positioning the attacked area in a graph matching mode and returning a determination result;
and the cooperative processing module is used for performing cooperative processing of decision making and is used for processing data after decision making and sending the data to external equipment, and the monitoring processor processes monitoring feedback information in real time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011633568.9A CN112822184B (en) | 2020-12-31 | 2020-12-31 | Unsupervised autonomous attack detection method in endogenous security system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011633568.9A CN112822184B (en) | 2020-12-31 | 2020-12-31 | Unsupervised autonomous attack detection method in endogenous security system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112822184A (en) | 2021-05-18 |
CN112822184B (en) | 2023-04-07 |
Family
ID=75856570
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011633568.9A Active CN112822184B (en) | 2020-12-31 | 2020-12-31 | Unsupervised autonomous attack detection method in endogenous security system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112822184B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20240064161A1 (en) * | 2022-08-19 | 2024-02-22 | Nec Laboratories America, Inc. | Log anomaly detection using temporal-attentive dynamic graphs |
CN117540883B (en) * | 2024-01-10 | 2024-04-09 | 山东鲁轻安全评价技术有限公司 | AI-based security risk identification analysis system and method |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110691100B (en) * | 2019-10-28 | 2021-07-06 | 中国科学技术大学 | Hierarchical network attack identification and unknown attack detection method based on deep learning |
CN111507385B (en) * | 2020-04-08 | 2023-04-28 | 中国农业科学院农业信息研究所 | Extensible network attack behavior classification method |
CN111935143B (en) * | 2020-08-10 | 2021-11-26 | 武汉思普崚技术有限公司 | Method and system for visualizing attack defense strategy |
CN111818101B (en) * | 2020-09-09 | 2020-12-11 | 平安国际智慧城市科技股份有限公司 | Network security detection method and device, computer equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN112822184A (en) | 2021-05-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||